<?php
include(dirname(__FILE__).'/../../config/config.inc.php');
include(dirname(__FILE__).'/../../init.php');
include(dirname(__FILE__).'/transferuj.php');

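// Payment hand-off and notification endpoint for the transferuj.pl module.
//
// Two request shapes reach this script:
//   1. The logged-in customer's browser posts the payment form; the order is
//      created and the browser is redirected (auto-submitting form) to the gateway.
//   2. The gateway posts a transaction notification; the order history receives
//      a new state and the order's update timestamp is refreshed.
// Every request ends with the literal response "TRUE".

if (!function_exists('transferuj_secret_equals')) {
	/**
	 * Compare a known secret with a request-supplied value as strings.
	 *
	 * Loose `==` is avoided because PHP type juggling can treat different
	 * strings (e.g. numeric-looking digests) as equal. hash_equals() is used
	 * when the runtime provides it, otherwise a strict string comparison.
	 *
	 * @param mixed $known value held by the shop (secure key, computed digest)
	 * @param mixed $given value taken from the request
	 * @return bool true only when both are strings, $known is non-empty and they match
	 */
	function transferuj_secret_equals($known, $given)
	{
		if (!is_string($known) || !is_string($given) || $known === '') {
			return false;
		}
		if (function_exists('hash_equals')) {
			return hash_equals($known, $given);
		}
		return $known === $given;
	}
}

$transferuj = new transferuj();
$customer = new Customer((int)$cookie->id_customer);

// Only string values are accepted; an array-valued or missing field never matches.
$confirm = (isset($_POST['confirm']) && is_string($_POST['confirm'])) ? $_POST['confirm'] : '';

if (transferuj_secret_equals($customer->secure_key, $confirm) && $cookie->isLogged(true))
{
	// --- 1. Customer hand-off -------------------------------------------------
	$crc = (isset($_POST['crc']) && is_string($_POST['crc'])) ? $_POST['crc'] : '';
	$cart_id = (int)base64_decode($crc);

	if ($cart_id > 0 && isset($_POST['kwota']) && is_scalar($_POST['kwota']))
	{
		// NOTE(review): both the cart id and the amount ('kwota') are supplied by the
		// browser. Confirm that validateOrder() rejects a cart that does not belong to
		// this customer and an amount that differs from the cart total; ideally the
		// amount is taken from the cart on the server rather than from the request.
		$transferuj->validateOrder($cart_id, _PS_OS_PREPARATION_, $_POST['kwota'], $transferuj->displayName, NULL, array(), NULL, false, $customer->secure_key);

		// The description is always overwritten server-side so the request cannot
		// choose which order number is sent to the gateway.
		$_POST['opis'] = "Zamówienie nr: ".$transferuj->currentOrder;

		echo "<html><head></head><body>
		<form name='submitform' action='https://secure.transferuj.pl' method=POST>";
		foreach ($_POST as $k => $v) {
			// The shop's secure key must never be forwarded to the gateway.
			if ($k === 'confirm') continue;
			// Array-valued fields cannot be rendered as a single hidden input.
			if (!is_scalar($v)) continue;
			// Request data is echoed into HTML attributes: escape names and values so
			// a crafted field cannot break out of the attribute and inject markup.
			$name = htmlspecialchars((string)$k, ENT_QUOTES, 'UTF-8');
			$value = htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
			echo " <input type='hidden' name='$name' value='$value' />\n";
		}
		$order_number = (int)$transferuj->currentOrder;
		echo "<input type=hidden name='opis' value='Zamówienie nr:$order_number' />
		</form>
		<SCRIPT FOR=window EVENT=onload LANGUAGE='JavaScript'>
		 document.submitform.submit();
		</SCRIPT>
		</body></html>";
	}
}
// NOTE(review): REMOTE_ADDR is the directly connected peer. Behind a reverse proxy or
// load balancer this is the proxy's address, so the check only has value when the shop
// is reached directly. The checksum below is the actual authentication of the message.
elseif (!empty($_POST) && (string)$_SERVER['REMOTE_ADDR'] === (string)Configuration::get('TRANSFERUJ_TIP'))
{
	// --- 2. Gateway notification ----------------------------------------------
	$complete = true;
	foreach (array('tr_id', 'tr_amount', 'tr_crc', 'tr_desc', 'tr_status', 'md5sum') as $field) {
		if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
			$complete = false;
			break;
		}
	}

	if ($complete)
	{
		$sid = Configuration::get('TRANSFERUJ_SID');
		$kod = Configuration::get('TRANSFERUJ_COD');
		$expected = md5($sid.$_POST['tr_id'].$_POST['tr_amount'].$_POST['tr_crc'].$kod);

		if (transferuj_secret_equals($expected, $_POST['md5sum']))
		{
			// The order number is parsed from the text after the first ':' in tr_desc.
			// It is forced to an integer before it reaches any SQL statement.
			// NOTE(review): tr_desc is not part of the checksum above, and neither the
			// paid amount nor tr_crc (the cart id) is compared with the order that is
			// updated. Consider resolving the order from the checksummed tr_crc and
			// checking the amount against the order total before marking it paid.
			$arr = explode(':', $_POST['tr_desc']);
			$otr = isset($arr[1]) ? (int)trim($arr[1], ' ') : 0;

			if ($otr > 0)
			{
				// Fetch the employee id recorded on the order's existing history.
				$asql = 'SELECT `id_employee` FROM `'._DB_PREFIX_.'order_history` WHERE `'._DB_PREFIX_.'order_history`.`id_order` = '.$otr;
				$rows = Db::getInstance()->ExecuteS($asql);

				// No history row means there is no such order: write nothing.
				if (is_array($rows) && isset($rows[0]['id_employee']))
				{
					$id_employee = (int)$rows[0]['id_employee'];
					$new_state = ($_POST['tr_status'] === 'TRUE') ? (int)_PS_OS_PAYMENT_ : (int)_PS_OS_ERROR_;
					$now = date('Y-m-d H:i:s');

					// Append the new order state.
					// NOTE(review): ExecuteS() is also used for the write statements, as in
					// the original; confirm it is the intended Db call for INSERT/UPDATE.
					$asql = 'INSERT INTO `'._DB_PREFIX_.'order_history`
							(`id_employee`,`id_order`,`id_order_state`,`date_add`) VALUES ('.$id_employee.','.$otr.','.$new_state.',\''.$now.'\')';
					Db::getInstance()->ExecuteS($asql);

					// Refresh the order's last-update timestamp.
					$asql = 'UPDATE `'._DB_PREFIX_.'orders` SET
							`date_upd` =  \''.$now.'\'
							WHERE `'._DB_PREFIX_.'orders`.`id_order` = '.$otr.'
							LIMIT 1 ';
					Db::getInstance()->ExecuteS($asql);
				}
			}
		}
		// else: the received data failed the checksum and is ignored.
	}
}
echo "TRUE";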

?>